> In principle no. The main consideration with this kind of change
> is whether the new default is available to the currently supported
> installed base. (E.g. if we "support" fedora 12 and fedora 12's openssl
> doesn't have aes256, then there's a problem.) I don't think that there
> are any actual issues here, but that's the underlying question I think.

Fedora is probably a bad example. I seriously doubt any Fedora users are running more than one or two releases behind current, this is just unlike the target audience. And no sensible admin puts Fedora into the server room anyway. But active distributions of similar vintage can be a concern, like RHEL5 and derivatives (which are ok in this regard, I believe - openssl-0.9.8e).
